Dear Django developers,
I need a bit of advice on how to solve an authorization problem.
My site is a is still being designed in my mind but think of it as a
portal of mini-facebooks (Gang);
In each Gang there functions such as write on wall, upload pictures,
share links, sell/buy stuff, discuss and so on.
I see 3 basic roles;
Admin (can do/see everything in a Gang)
Users (can't edit/see configurations)
Guest (can access a Gang if invited but only read)
A user can be a User in one Gang, a Guest in a second and Admin of a third.
The above, I guess could solve by simply having three ManyToMany-fields
(admins,users,guests) on each Gang-model, referencing the User table.
However I would like something more fine-grained, and see the roles as
"templates of accessrights".
E.g. the access rights should be as detailed as "Allow Create Gang",
"Allow Invite to Gang", "Allow Write on Wall" and so on.
And of course, these access rights are only relevant for a particular
user in a specific Gang (with the exception of the first).
Maybe it's too complicated and not worth it, but I am willing to try and
of course listen to the opinions of the experienced crowd here. :)
Another issue that bothers me is minor, but how to use these acessrights
in the template system to "hide" elements on the page for users who are
not allowed to interact with them.
Thank you for reading so far.
Regards
A.
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/52E7D3C6.4040005%40x76.eu.
For more options, visit https://groups.google.com/groups/opt_out.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment